
Commit f3e3f53

committed
Validate group membership check response early
1 parent 82900b0 commit f3e3f53


1 file changed

+23
-23
lines changed


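--- a/aad-sso-wordpress.php
+++ b/aad-sso-wordpress.php
@@ -309,6 +309,29 @@ function authenticate( $user, $username, $password ) {
 // Of the AAD groups defined in the settings, get only those where the user is a member
 $group_ids = array_keys( $this->settings->aad_group_to_wp_role_map );
 $group_memberships = AADSSO_GraphHelper::user_check_member_groups( $jwt->oid, $group_ids );
+
+// Validate response to throw an early error if unable to check group membership.
+if ( isset( $group_memberships->value ) ) {
+AADSSO::debug_log( sprintf(
+'Azure AD user \'%s\' is a member of [%s]',
+$jwt->oid, implode( ',', $group_memberships->value ) ), 20
+);
+} elseif ( isset ( $group_memberships->{'odata.error'} ) ) {
+AADSSO::debug_log( 'Error when checking group membership: ' . json_encode( $group_memberships ) );
+return new WP_Error(
+'error_checking_group_membership',
+sprintf(
+__( 'ERROR: Unable to check group membership in Azure AD: <b>%s</b>.',
+'aad-sso-wordpress' ), $group_memberships->{'odata.error'}->code )
+);
+} else {
+AADSSO::debug_log( 'Unexpected response to checkMemberGroups: ' . json_encode( $group_memberships ) );
+return new WP_Error(
+'unexpected_response_to_checkMemberGroups',
+__( 'ERROR: Unexpected response when checking group membership in Azure AD.',
+'aad-sso-wordpress' )
+);
+}
 }
 
 // Invoke any configured matching and auto-provisioning strategy and get the user. We include
@@ -456,29 +479,6 @@ function get_wp_user_from_aad_user( $jwt, $group_memberships ) {
 * @return WP_User|WP_Error Return the WP_User with updated roles, or WP_Error if failed.
 */
 function update_wp_user_roles( $user, $group_memberships ) {
-
-// Check for errors in the group membership check response
-if ( isset( $group_memberships->value ) ) {
-AADSSO::debug_log( sprintf(
-'User \'%s\' is a member of [%s]',
-$user->ID, implode( ',', $group_memberships->value ) ), 20
-);
-} elseif ( isset ( $group_memberships->{'odata.error'} ) ) {
-AADSSO::debug_log( 'Error when checking group membership: ' . json_encode( $group_memberships ) );
-return new WP_Error(
-'error_checking_group_membership',
-sprintf(
-__( 'ERROR: Unable to check group membership in Azure AD: <b>%s</b>.',
-'aad-sso-wordpress' ), $group_memberships->{'odata.error'}->code )
-);
-} else {
-AADSSO::debug_log( 'Unexpected response to checkMemberGroups: ' . json_encode( $group_memberships ) );
-return new WP_Error(
-'unexpected_response_to_checkMemberGroups',
-__( 'ERROR: Unexpected response when checking group membership in Azure AD.',
-'aad-sso-wordpress' )
-);
-}
 
 // Determine which WordPress role the AAD group corresponds to.
 $roles_to_set = array();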
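Review bot: The early validation in `authenticate` (first hunk, new line 314) accepts any response whose `value` property is set, but the success branch immediately passes it to `implode()` and the role mapping later consumes it as a list, so a non-array `value` still gets past the check; tightening it to `if ( isset( $group_memberships->value ) && is_array( $group_memberships->value ) ) {` makes the "unexpected response" branch actually cover that case. In the `odata.error` branch (new lines 319-326) only the presence of `odata.error` is verified, yet `->code` is read unconditionally and dropped into an HTML-formatted message as `<b>%s</b>` without escaping; using `esc_html( isset( $group_memberships->{'odata.error'}->code ) ? $group_memberships->{'odata.error'}->code : 'unknown' )` as the sprintf argument avoids both the undefined-property notice and unescaped third-party text in the error shown to the user. The enclosing `if` and the `authenticate` function both begin and end outside this hunk; the second hunk only removes the same block from `update_wp_user_roles` and needs no change.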
